Example #1
0
 protected void checkNegativeAcl(ACP acp) {
   if (negativeAclAllowed) {
     return;
   }
   if (acp == null) {
     return;
   }
   for (ACL acl : acp.getACLs()) {
     if (acl.getName().equals(ACL.INHERITED_ACL)) {
       continue;
     }
     for (ACE ace : acl.getACEs()) {
       if (ace.isGranted()) {
         continue;
       }
       String permission = ace.getPermission();
       if (permission.equals(SecurityConstants.EVERYTHING)
           && ace.getUsername().equals(SecurityConstants.EVERYONE)) {
         continue;
       }
       // allow Write, as we're sure it doesn't include Read/Browse
       if (permission.equals(SecurityConstants.WRITE)) {
         continue;
       }
       throw new IllegalArgumentException("Negative ACL not allowed: " + ace);
     }
   }
 }
Example #2
0
 protected static void addACLRow(List<ACLRow> aclrows, String name, ACE ace) {
   // XXX should prefix user/group
   String user = ace.getUsername();
   if (user == null) {
     // JCR implementation logs null and skips it
     return;
   }
   String group = null; // XXX all in user for now
   aclrows.add(
       new ACLRow(aclrows.size(), name, ace.isGranted(), ace.getPermission(), user, group));
 }